module

NetMotion Mobility Server MvcUtil Java Deserialization

Try Surface Command
Back to search
Disclosed
Feb 8, 2021
Created
May 18, 2021

Description

This module exploits an unauthenticated Java deserialization in the
NetMotion Mobility server's MvcUtil.valueStringToObject() method, as
invoked through the /mobility/Menu/isLoggedOn endpoint, to execute
code as the SYSTEM account.

Mobility server versions 11.x before 11.73 and 12.x before 12.02 are
vulnerable. Tested against 12.01.09045 on Windows Server 2016.

Authors

mr_me
wvu wvu@metasploit.com

Platform

Windows

Architectures

cmd, x86, x64

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':


    msf > use exploit/windows/http/netmotion_mobility_mvcutil_deserialization
    msf exploit(netmotion_mobility_mvcutil_deserialization) > show targets
        ...targets...
    msf exploit(netmotion_mobility_mvcutil_deserialization) > set TARGET < target-id >
    msf exploit(netmotion_mobility_mvcutil_deserialization) > show options
        ...show and set options...
    msf exploit(netmotion_mobility_mvcutil_deserialization) > exploit
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today